
CVE-2025-0125

CVSSv4: 6.9 | CVSSv3: NA | CVSSv2: NA | VMScore: 790 | EPSS: 0.00062 | KEV: Not Included
Published: 11/04/2025 Updated: 11/04/2025

Vulnerability Summary

Authenticated Administrator Impersonation Vulnerability in Palo Alto Networks PAN-OS Management Interface

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines (live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue does not affect Cloud NGFW or any Prisma® Access instance.

Solution

Version | Minor Version | Suggested Solution
PAN-OS 11.2 | 11.2.0 through 11.2.2 | Upgrade to 11.2.3 or later
PAN-OS 11.1 | 11.1.0 through 11.1.4 | Upgrade to 11.1.5 or later
PAN-OS 11.0 | 11.0.0 through 11.0.5 | Upgrade to 11.0.6 or later
PAN-OS 10.2 | 10.2.0 through 10.2.10 | Upgrade to 10.2.11 or later
PAN-OS 10.1 | 10.1.0 through 10.1.14 | Upgrade to 10.1.14-h11 or later
All other older unsupported PAN-OS versions | | Upgrade to a supported fixed version.

PAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade to a fixed supported version.
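
For triaging a firewall fleet against the Solution table above, the following is an added example (not from the vendor advisory or from Vulmon) that parses PAN-OS version strings, including the `-hN` hotfix suffix, and compares them to the fixed release of their train. It assumes builds sort by (major, minor, maintenance, hotfix) and that anything below the listed fixed release in a listed train is affected; the function names and the inventory are hypothetical.

```python
import re

# Fixed release per feature train, copied from the Solution table on this page.
FIXED = {
    (11, 2): (11, 2, 3, 0),
    (11, 1): (11, 1, 5, 0),
    (11, 0): (11, 0, 6, 0),
    (10, 2): (10, 2, 11, 0),
    (10, 1): (10, 1, 14, 11),  # 10.1.14-h11
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Turn '10.1.14-h11' into (10, 1, 14, 11); no -hN suffix means hotfix 0."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognized PAN-OS version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())

def assess(version_text):
    """Return 'affected', 'fixed', 'unsupported' or 'unlisted' for one version."""
    version = parse_version(version_text)
    train = version[:2]
    if train in FIXED:
        # Assumption: builds sort by (major, minor, maintenance, hotfix).
        return "affected" if version < FIXED[train] else "fixed"
    if train < min(FIXED):
        return "unsupported"  # table row: upgrade to a supported fixed version
    return "unlisted"  # train not covered by the table on this page

def triage(inventory):
    """Map {hostname: version string} to {hostname: status}."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = assess(version_text)
        except ValueError:
            report[host] = "unparseable"  # review by hand rather than guess
    return report

# Constructed inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "fw-edge-01": "10.1.14-h9", "fw-edge-02": "10.1.14-h11",
    "fw-core-01": "11.1.4", "fw-dc-01": "11.2.3",
    "fw-lab-01": "9.1.16", "fw-old-01": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Hosts reported as `unsupported`, `unlisted` or `unparseable` need manual review against the vendor advisory; the script only encodes the rows shown on this page.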
Vulnerable Product

paloaltonetworks pan-os 11.2.4

paloaltonetworks pan-os 11.2.3

paloaltonetworks pan-os 11.2.2

paloaltonetworks pan-os 11.2.1

paloaltonetworks pan-os 11.2.0

paloaltonetworks pan-os 11.1.4

paloaltonetworks pan-os 11.1.3

paloaltonetworks pan-os 11.1.2

paloaltonetworks pan-os 11.1.1

paloaltonetworks pan-os 11.1.0

paloaltonetworks pan-os 11.0.5

paloaltonetworks pan-os 11.0.4

paloaltonetworks pan-os 11.0.3

paloaltonetworks pan-os 11.0.2

paloaltonetworks pan-os 11.0.1

paloaltonetworks pan-os 11.0.0

paloaltonetworks pan-os 10.2.10

paloaltonetworks pan-os 10.2.9

paloaltonetworks pan-os 10.2.8

paloaltonetworks pan-os 10.2.7

paloaltonetworks pan-os 10.2.6

paloaltonetworks pan-os 10.2.5

paloaltonetworks pan-os 10.2.4

paloaltonetworks pan-os 10.2.3

paloaltonetworks pan-os 10.2.2

paloaltonetworks pan-os 10.2.1

paloaltonetworks pan-os 10.2.0

paloaltonetworks pan-os 10.1.14

paloaltonetworks pan-os 10.1.13

paloaltonetworks pan-os 10.1.12

paloaltonetworks pan-os 10.1.11

paloaltonetworks pan-os 10.1.10

paloaltonetworks pan-os 10.1.9

paloaltonetworks pan-os 10.1.8

paloaltonetworks pan-os 10.1.7

paloaltonetworks pan-os 10.1.6

paloaltonetworks pan-os 10.1.5

paloaltonetworks pan-os 10.1.4

paloaltonetworks pan-os 10.1.3

paloaltonetworks pan-os 10.1.2

paloaltonetworks pan-os 10.1.1

paloaltonetworks pan-os 10.1.0

palo alto networks cloud ngfw

palo alto networks pan-os

palo alto networks prisma access